In nearly identical letters to the chief executives of Visa USA and MasterCard International, Massachusetts Rep. Barney Frank said a company responsible for security systems that are breached should be the one to notify customers, or should be identified publicly as the party responsible for the breach.
"If this cannot be done legally at present, I feel strongly enough on this point to make legislative changes to make this a requirement," Frank wrote to the executives.
Frank's letter follows an announcement last week from Visa USA that a data security breach at a U.S. merchant may have, prompting at least two banks to reissue some debit cards.
On Saturday, CNET News.com reported that investigators found a common link among many people whose debit cards were compromised: they previously had shopped at office-supply chain OfficeMax, according to a banking source familiar with the case. Two law enforcement sources said that OfficeMax was part of the investigation but declined to provide details.
But OfficeMax denied that it was the problem.
"We have not suffered any security breach to our knowledge," OfficeMax spokesman William Bonner said Friday.
It was the latest in a string of incidents in which consumer data has been lost, stolen or exposed. The problems have affected companies such as
CNET News.com's Greg Sandoval contributed to this report.